Preventing shortened lifetimes of security keys in a wireless communications security system

ABSTRACT

23A wireless communications device has a first security key, a second security key, and established channels. Each established channel has a corresponding security count value, and utilizes a security key. At least one of the established channels utilizes the first security key. The second security key is assigned to a new channel. A first set is then used to obtain a first value. The first set has only security count values of all the established channels that utilize the second key. The first value is at least as great as the x most significant bits (MSBx) of the greatest value in the first set. The MSBx of the initial security count value for the new channel is set equal to the first value. If the first set is empty, then the initial security count is set to zero.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a third reissue application of U.S. Pat. No.6,925,183 (U.S. application Ser. No. 09/682,310, filed Aug. 16, 2001)and is continuation of U.S. patent application Ser. No. 16/230,198 filedDec. 21, 2018, which is a reissue of U.S. Pat. No. 6,925,183 (U.S.application Ser. No. 09/682,310, filed Aug. 16, 2001) and a continuationof U.S. Pat. No. RE47,200 (U.S. application Ser. No. 14/283,801, filedMay 21, 2014), which is a reissue of U.S. Pat. No. 6,925,183 (U.S.application Ser. No. 09/682,310, filed Aug. 16, 2001).

BACKGROUND OF INVENTION

1. Field of the Invention

The present invention relates to security count values in a wirelesscommunications system. In particular, the present invention discloses amethod for obtaining a security count value for a new channel that isestablished during a changing of a security key.

2. Description of the Prior Art

Please refer to FIG. 1 . FIG. 1 is a simplified block diagram of a priorart wireless communications system. The wireless communications systemincludes a first station 10 in wireless communications with a secondstation 20. As an example, the first station 10 is a mobile unit, suchas a cellular telephone, and the second station 20 is a base station.The first station 10 communicates with the second station 20 over aplurality of channels 12. The second station 20 thus has correspondingchannels 22, one for each of the channels 12. Each channel 12 has areceiving buffer 12r for holding protocol data units (PDUs) 11r receivedfrom the corresponding channel 22 of the second station 20. Each channel12 also has a transmitting buffer 12t for holding PDUs 11t that areawaiting transmission to the corresponding channel 22 of the secondstation 20. A PDU 11t is transmitted by the first station 10 along achannel 12 and received by the second station 20 to generate acorresponding PDU 21r in the receiving buffer 22r of the correspondingchannel 22. Similarly, a PDU 21t is transmitted by the second station 20along a channel 22 and received by the first station 10 to generate acorresponding PDU 11r in the receiving buffer 12r of the correspondingchannel 12.

For the sake of consistency, the data structures of each PDU 11r, 11t,21r and 21t along corresponding channels 12 and 22 are identical. Thatis, a transmitted PDU 11t generates an identical corresponding receivedPDU 21r, and vice versa. Furthermore, both the first station 10 and thesecond station 20 use identical PDU 11t, 21t data structures. Althoughthe data structure of each PDU 11r, 11t, 21r and 21t along correspondingchannels 12 and 22 is identical, different channels 12 and 22 may usedifferent PDU data structures according to the type of connection agreedupon along the corresponding channels 12 and 22. In general, though,every PDU 11r, 11t, 21r and 21t will have a sequence number 5r, 5t, 6r,6t. The sequence number 5r, 5t, 6r, 6t is an m-bit number that isincremented for each PDU 11r, 11t, 21r, 21t. The magnitude of thesequence number 5r, 5t, 6r, 6t indicates the sequential ordering of thePDU 11r, 11t, 21r, 21t in its buffer 12r, 12t, 22r, 22t. For example, areceived PDU 11rwith a sequence number 5r of 108 is sequentially beforea received PDU 11r with a sequence number 5r of 109, and sequentiallyafter a PDU 11r with a sequence number 5r of 107. The sequence number5t, 6t is often explicitly carried by the PDU 11t, 21t, but may also beimplicitly assigned by the station 10, 20. For example, in anacknowledged mode setup for corresponding channels 12 and 22, eachtransmitted PDU 11t, successful reception of which generates anidentical corresponding PDU 21r, is confirmed as received by the secondstation 20. A 12-bit sequence number 5t is explicitly carried by eachPDU 11t in acknowledged mode transmissions. The second station 20 scansthe sequence numbers 6r embedded within the received PDUs 21r todetermine the sequential ordering of the PDUs 21r, and to determine ifany PDUs 21r are missing. The second station 20 can then send a messageto the first station 10 that indicates which PDUs 21r were received byusing the sequence numbers 6r of each received PDU 21r, or may requestthat a PDU It be re-transmitted by specifying the sequence number 5t ofthe PDU 11t to be re-transmitted. Alternatively, in a so-calledtransparent transmission mode, data is never confirmed as successfullyreceived. The sequence numbers 5t, 6t are not explicitly carried in thePDUs 11t, 21t. Instead, the first station 10 simply internally assigns a7-bit sequence number 5t to each PDU 11t. Upon reception, the secondstation 20 similarly assigns a 7-bit sequence number 6r to each PDU 21r.Ideally, the sequence numbers 5t maintained by the first station 10 forthe PDUs 11t are identical to the corresponding sequence numbers 6r forthe PDUs 21r that are maintained by the second station 20.

Hyper-frame numbers (HFNs) are also maintained by the first station 10and the second station 20. Hyper-frame numbers may be thought of ashigh-order (i.e., most significant) bits of the sequence numbers 5t, 6t,and which are never physically transmitted with the PDUs 11t, 21t.Exceptions to this rule occur in rare cases of special signaling PDUs11t, 21t that are used for synchronization. In these cases, the HFNs arenot carried as part of the sequence number 11t, 21t, but instead arecarried in fields of the data payload of the signaling PDU 11t, 21t, andthus are more properly signaling data. As each transmitted PDU 11t, 21tgenerates a corresponding received PDU 21r, 11r, hyper-frame numbers arealso maintained for received PDUs 11r, 21r. In this manner, eachreceived PDU 11r, 21r, and each transmitted PDU 11t, 21t is assigned avalue that uses the sequence number (implicitly or explicitly assigned)5r, 6r, and 5t, 6t as the least significant bits, and a correspondinghyper-frame number (always implicitly assigned) as the most significantbits. Each channel 12 of the first station 10 thus has a receivinghyper-frame number (HFN_(R)) 13r and a transmitting hyper-frame number(HFN_(T)) 13t. Similarly, the corresponding channel 22 on the secondstation 20 has a HFN_(R) 23r and a HFN_(T) 23t. When the first station10 detects rollover of the sequence numbers 5r of PDUs 11r in thereceiving buffer 12r, the first station 10 increments the HFN_(R) 13r.On rollover of sequence numbers 5t of transmitted PDUs 11t, the firststation 10 increments the HFN_(T) 13t. A similar process occurs on thesecond station 20 for the HFN_(R) 23r and HFN_(T) 23t. The HFN_(R) 13rof the first station 10 should thus be synchronized with (i.e.,identical to) the HFN_(T) 23t of the second station 20. Similarly, theHFN_(T) 13t of the first station 10 should be synchronized with (i.e.,identical to) the HFN_(R) 23r of the second station 20.

The PDUs 11t and 21t are not transmitted “out in the open”. A securityengine 14 on the first station 10, and a corresponding security engine24 on the second station 20, together ensure secure and privateexchanges of data exclusively between the first station 10 and thesecond station 20. The security engine 14, 24 has two primary functions.The first is the obfuscation (i.e., ciphering, or encryption) of dataheld within a PDU 11t, 21t so that the corresponding PDU 11r, 21rpresents a meaningless collection of random numbers to an eavesdropper.The second function is to verify the integrity of data contained withinthe PDUs 11r, 21r. This is used to prevent another, improper, stationfrom masquerading as either the first station 10 or the second station20. By verifying data integrity, the first station 10 can be certainthat a PDU 11r was, in fact, transmitted by the second station 20, andvice versa. For transmitting a PDU 11t, the security engine 14 uses,amongst other inputs, an n-bit security count 14c and a security key 14kto perform the ciphering functions upon the PDU 11t. To properlydecipher the corresponding PDU 21r, the security engine 24 must use anidentical security count 24c and security key 24k. Similarly, dataintegrity checking on the first station 10 uses an n-bit security countthat must be synchronized with a corresponding security count on thesecond station 20. As the data integrity security count is generated ina manner similar to that for the ciphering security count 14c, 24c, andas ciphering is more frequently applied, the ciphering security count14c, 24c is considered in the following. The security keys 14k and 24kremain constant across all PDUs 11tand 21t (and thus corresponding PDUs21r and 11r), until explicitly changed by both the first station 10 andthe second station 20. Changing of the security keys 14k, 24k iseffected by a security mode command that involves handshaking betweenthe first station 10 and the second station 20 to ensure propersynchronization of the security engines 14, 24. The security modecommand is relatively infrequently performed, and depends upon the valueof the security count 14c. They security keys 14k, 24k are thusrelatively persistent. The security counts 14c and 24c, however,continuously change with each PDU 11t and 21t. This constant changing ofthe security count 14c, 24c makes decrypting (and spoofing) of PDUs 11t,21t more difficult, as it reduces statistical consistency of inputs intothe security engine 14, 24. The security count 14c for a PDU 11t isgenerated by using the sequence number 5t of the PDU 11t as the leastsignificant bits of the security count 14c, and the HFN_(T) 13tassociated with the sequence number 5t as the most significant bits ofthe security count 14c. Similarly, the security count 14c for a PDU 11ris generated from the sequence number 5r of the PDU 11r and the HFN_(R)13r of the PDU 11r. An identical process occurs on the second station20, in which the security count 24c is generated using the sequencenumber 6r or 6t, and the appropriate HFN_(R) 23r or HFN_(T) 23t. Thesecurity count 14c, 24c has a fixed bit size, say 32 bits. As thesequence numbers 5r, 6r, 5t, 6t may vary in bit size depending upon thetransmission mode used, the hyper-frame numbers HFN_(R) 13r, HFN_(R)23r, HFN_(T) 13t and HFN_(T) 23t must vary in bit size in acorresponding manner to yield the fixed bit size of the security count14c, 24c. For example, in a transparent transmission mode, the sequencenumbers 5r, 6r, 5t, 6t are all 7 bits in size. The hyper-frame numbersHFN_(R) 13r, HFN_(R) 23r, HFN_(T) 13t and HFN_(T) 23t are thus 25 bitsin size; combining the two together yields a 32 bit security count 14c,24c. On the other hand, in an acknowledged transmission mode, thesequence numbers 5r, 6r, 5t, 6t are all 12 bits in size. The hyper-framenumbers HFN_(R) 13r, HFN_(R) 23r, HFN_(T) 13t and HFN_(T) 23t are thus20 bits in size so that combining the two together continues to yield a32 bit security count 14c, 24c.

Initially, there are no established channels 12 and 22 between the firststation 10 and the second station 20. The first station 10 thusestablishes a channel 12 with the second station 20. To do this, thefirst station 10 must determine an initial value for the HFN_(T) 13t andHFN_(R) 13r. The first station 10 references a non-volatile memory 16,such as a flash memory device or a SIM card, for a start value 16s, anduses the start value 16s to generate the initial value for the HFN_(T)13t and the HFN_(R) 13r. The start value 16s holds the x mostsignificant bits (MSB_(x)) of a hyper-frame number from a previoussession along a channel 12. Ideally, x should be at least as large asthe bit size of the smallest-sized hyper-frame number (i.e., for theabove example, x should be at least 20 bits in size). The MSB, of theHFN_(T) 13t and the HFN_(R) 13r are set to the start value 16s, and theremaining low order bits are set to zero. The first station 10 thentransmits the start value 16s to the second station 20 (by way of aspecial signaling PDU 11t) for use as the HFN_(R) 23r and the HFN_(T)23t. In this manner, the HFN_(T) 13t is synchronized with the HFN_(R)23r, and the HFN_(T) 23t is synchronized with the HFN_(R) 13r.

As noted, the first station 10 may establish a plurality of channels 12with the second station 20. Each of these channels 12 uses its ownsequence numbers 5r and 5t, and hyper-frame numbers 13r and 13t. Whenestablishing a new channel 12, the first station 10 considers theHFN_(T) 13t and HFN_(R) 13r of all currently established channels 12,selecting the HFN_(T) 13tor HFN_(R) 13r having the highest value. Thefirst station 10 then extracts the MSB_(x) of this highest-valuedhyper-frame number 13r, 13t, increments the MSB_(x) by one, and uses itas the MSB_(x) for the new HFN_(T) 13t and HFN_(R) 13r for a newlyestablished channel 12. Synchronization is then performed between thefirst station 10 and the second station 20 to provide the MSB_(x) to thesecond station 20 for the HFN_(R) 23r and HFN_(T) 23t. In this manner, aconstantly incrementing spacing is ensured between the security counts14c of all established channels 12.

It is noted that, for the sake of security, the security keys 14k and24k should be changed after a predetermined interval. This interval is,in part, determined by the security count 14c, 24c. When the securitycount 14c for an established channel 12 exceeds a predetermined securitycrossover value 14x, the second station 20 (i.e., the base station) mayinitiate the security mode command to change the security keys 14k and24k to new security keys 14n and 24n. Both of the security keys 14n and24n are identical, and should not be the same as the previous securitykeys 14k and 24k. Changing over to the new security keys 14n, 24n mustbe carefully synchronized across all channels 12, 22 to ensure that thattransmitted PDUs 11t, 21tare properly deciphered into received PDUs 21r,11r. For example, if a PDU 11t is enciphered using the security key 14kand the security engine 24 attempts to decipher the correspondingreceived PDU 21r using the new security key 24n, the received PDU 21rwill be deciphered into meaningless data due to the lack ofsynchronization of the security keys 14k and 24n as applied to the PDUs11t and 21r. The security mode command is a somewhat complicated processthat takes a finite amount of time. Clearly, before the transmitting ofthe security mode command by the second station 20, only the securitykey 14k, 24k is used for all channels 12, 22. Similarly, after thesecurity mode command has been fully completed, only the new securitykey 14n, 24n will be used for all channels 12, 22. However, duringexecution of the security mode command, and the resulting hand-shakingbetween the two stations 10 and 20, there could be confusion as to whichsecurity key 14k, 24k, or 14n, 24n should be used. To prevent this fromhappening, the security mode command provides for a so-called activationtime 17r, 27t for each channel 12, 22. The activation time 17r, 27t issimply a sequence number value 5r, 6t of PDUs 11r, 21t. When executingthe security mode command, the second station 20 determines anactivation time 27t for the transmitting buffer 22t of each channel 22.The activation times 27t are not necessarily the same across allchannels 22, and, in fact, will generally be different. The securitymode command sent by the second station 20 to the first station 10provides the activation times 27t to the first station 10, which thefirst station 10 then uses to generate an identical correspondingactivation time 17r for the receiving buffer 12r of each channel 12. Inresponse to the security mode command, the first station 10 determinesan activation time 17t for the transmitting buffer 12t of each channel12. The first station 10 then sends a security mode complete message tothe second station 20, which contains the activation times 17t. Thesecond station 20 uses the security mode complete message to provide anactivation time 27r to the receiving buffer 22r of each channel 22,which is identical to the activation time 17t of the correspondingchannel 12 on the first station 10. The security mode command, andresultant final activation time 17t, are termed a security modereconfiguration. Using the first station 10 as an example, for all PDUs11t that have sequence numbers 5t that are prior to the activation time17t for their channel 12, the PDUs 11t are enciphered using the oldsecurity key 14k. For PDUs 11t which have sequence numbers 5t that aresequentially at or after the activation time 17t, the new security key14n is applied for enciphering. When receiving the PDUs 11t, the secondstation 20 uses the sequence numbers 6r and the activation time 27r todetermine which key 24k or 24n to use for deciphering of the PDUs 21r. Asimilar transmitting process also occurs on the second station 20, witheach channel 22 having the activation time 27t. The security modecommand provides for synchronization of the activation times 17r with27t and 17t with 27r so that the second station 20 and first station 10may know how to apply their respective security keys 24n, 24k and 14n,14k to received PDUs 21r, 11r and transmitted PDUs 11t, 21t. In thismanner, synchronization is ensured between the security engines 14 and24. To ensure that full use is obtained from the new security key 14n,24n, upon adoption of the new security key 14n, 24n by a channel 12, 22(i.e., after the activation times 17r, 17t and 27r, 27t for the channels12 and 22), the HFN_(R) 13r, 23r and the HFN_(T) 13t, 23t are cleared tozero, thus bringing the security count 14c, 24c for the channel 12, 22down to zero, or close to zero. For example, after a channel 12 exceedsits activation time 17t, the HFN_(T) 13t for the channel 12 is set tozero. The corresponding security count 14c for the transmitted PDUs 11tis thus brought close to zero. Similarly, upon receiving a PDU 21r thatexceeds the activation time 27r, the second station 20 clears theHFN_(R) 23r, thus reducing the security count 24c for the received PDUs21r.

However, the establishment of a new channel 12 during the security modereconfiguration may lead to a problem that shortens the lifetime of thenew security key 14n. When a new channel 12 is being established duringthe security mode reconfiguration, it is possible that there will beestablished channels 12 that are using the new security key 14n, andother channels 12 that are still using the old security key 14k. Thosechannels 12 using the new security key 14n will have hyper-frame numbers13r, 13t that are zero, or close to zero. However, those channels 12still using the old security key 14k (because they have not yet reachedtheir respective activation times 13a) will have hyper-frame numbers13r, 13t that are quite high. When assigning the hyper-frame numbers13r, 13t to the new channel 12, the first station 10 scans allestablished channels 12, selects the highest hyper-frame number 13r,13t, increments this value by one and then assigns it to the hyper-framenumbers 13r and 13t for the new channel 12. The new channel 12 will thusreceive hyper-frame numbers 13r, 13t that are much greater than zero,and which may possibly lead to the formation of a security count 14c forthe new channel 12 that is very close to the security cross-over value14x. This will cause a considerable shortening of the lifetime of thenew security key 14n.

SUMMARY OF INVENTION

It is therefore a primary objective of this invention to provide amethod for obtaining a security count value for a new channel that isestablished during a changing of a security key.

Briefly summarized, the preferred embodiment of the present inventiondiscloses a method for calculating an initial security count value for anew channel in a wireless communications device. The wirelesscommunications device has a first security key, a second security key,and established channels. Each established channel has a correspondingsecurity count value, and utilizes a security key. At least one of theestablished channels utilizes the first security key. The secondsecurity key is assigned to the new channel. A first set is then used toobtain a first value. The first set has only security count values ofall the established channels that utilize the second key. The firstvalue is at least as great as the x most significant bits (MSB_(x)) ofthe greatest value in the first set. The MSB_(x) of the initial securitycount value for the new channel is set equal to the first value. If thefirst set is empty, then the first value is set to zero.

It is an advantage of the present invention that by considering thesecurity count values associated with only those channels that use thesecond key, the new channel is prevented from obtaining an excessivelyhigh security count value. The lifetimes of security keys are thusprevented from being prematurely shortened.

These and other objectives of the present invention will no doubt becomeobvious to those of ordinary skill in the art after reading thefollowing detailed description of the preferred embodiment, which isillustrated in the various figures and drawings.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a simplified block diagram of a prior art wirelesscommunications system.

FIG. 2 is a simplified block diagram of a wireless communications systemaccording to the present invention.

DETAILED DESCRIPTION

In the following description, a station may be a mobile telephone, ahandheld transceiver, a base station, a personal data assistant (PDA), acomputer, or any other device that requires a wireless exchange of data.It should be understood that many means may be used for the physicallayer to effect wireless transmissions, and that any such means may beused for the system hereinafter disclosed.

Please refer to FIG. 2 . FIG. 2 is a simplified block diagram of awireless communications system 30 according to the present invention.The wireless communications system 30 is much like that of the priorart, as it is the primary objective of the present invention to changethe method used for assigning an initial security count value 44c, 54cto a newly established channel 42, 52. The wireless communicationssystem 30 includes a first station 40 in wireless communications with asecond station 50 over a plurality of established channels 42. The firststation 40 may establish a channel 42 to effect communications with thesecond station 50. The second station 50 establishes a correspondingchannel 52 for the channel 42 of the first station 40. The first station40 may also release an established channel 42, in which case the secondstation 50 releases the corresponding channel 52. Each channel 42 has areceiving buffer 42r and a transmitting buffer 42t. Similarly, on thesecond station 50, each channel 52 has a receiving buffer 52r and atransmitting buffer 52t. The receiving buffer 42r is used to holdprotocol data units (PDUs) 41r received from the second station 50. Thetransmitting buffer 42t is used to hold PDUs 41t awaiting transmissionto the second station 50. A PDU 41t is transmitted along its channel 42to the second station 50, where it is received and placed into thereceiving buffer 52r of the corresponding channel 52. Similarly, a PDU51t is transmitted along its channel 52 to the first station 40, whereit is received and placed into the receiving buffer 42r of thecorresponding channel 42. Each PDU 41r, 41t, 51r, 51t has an m-bitsequence number (SN) 35r, 35t, 36r, 36t that indicates the sequentialposition of the PDU 41r, 41t, 51r, 51t within its respective buffer 42r,42t, 52r, 52t. Sequentially later PDUs 41r, 41t, 51r, 51t havesequentially higher sequence numbers 35r, 35t, 36r, 36t. As the sequencenumber 35r, 35t, 36r, 36t has a fixed bit size of m bits, the sequencenumber 35r, 35t, 36r, 36t will rollover to zero when its value exceeds2^(m)−1. The receiving buffers 42r, 52r each have a respective receivinghyper-frame number (HFN_(R)) 43r, 53r that is incremented by one upondetection of such a rollover event of the sequence number 35r, 36r ofreceived PDUs 41r, 51r. The HFN_(R) 43r, 53r associated with eachreceived PDU 41r, 51r thus serves as high-order bits (most significantbits) for the sequence number 35r, 36r of the received PDU 41r, 51r.Similarly, each transmitting buffer 42t, 52t has a respectivetransmitting hyper-frame number (HFN_(T)) 43t, 53t that serves as thehigh-order, most significant bits of the sequence number 35t, 36t ofeach transmitted PDU 41t, 51t. The hyper-frame numbers 43r, 43t, 53r,53t are internally maintained by the first station 40 and second station50, and are explicitly transmitted only during synchronization events.This is in contrast to the sequence numbers 35t, 36t, which aretypically carried by their respective PDUs 41t, 51t.

The first station 40 has a security engine 44 that is used to performenciphering/deciphering and data integrity checks of the PDUs 41r, 41t.Two of a multiple of inputs into the security engine particularlyinclude an n-bit security count 44c, and a first security key 44k. Acorresponding security engine 54 is provided on the second station 50,which also uses an n-bit security count 54c and a first security key54k. A PDU 41t is enciphered by the security engine 44 using a distinctsecurity count 44c, and the first key 44k. To properly decipher thecorresponding received PDU 52r, the security engine 54 must use asecurity count 54c that is identical to the security count 44c, and thefirst security key 54k that is identical to the first security key 44k.Integrity checking of PDUs 41r, 41t, 51r, 51t also utilizes synchronizedsecurity counts, but as these integrity security counts are almostinvariably smaller than the ciphering security counts 44c, 54c, forpurposes of the following discussion it is the ciphering security counts44c, 54c that are considered.

The first security keys 44k and 54k are changed whenever the securitycount 44c for any established channel 42 exceeds a predeterminedcross-over value 44x. A security mode command is used to synchronize thesecurity engines 44 and 54 from using the first security key 44c, 54c tousing a second, new security key 44n, 54n. The security count 44c, 54ccontinuously changes with each PDU 41r, 41t, 51r, 51t along the channel42, 52. The security count 44c is generated for each PDU 41r, 41t byusing the sequence number 35r, 35t of the PDU 41r, 41t as the low-order(least significant) bits of the security count 44c, and the HFN_(R) 43r,HFN_(T) 43t, respectively associated with the PDU 41r, 41t, as thehigh-order bits of the security count 44c. A corresponding process isused by the security engine 54 of the second station 50. For a stream oftransmitted PDUs 41t along an established channel 42, the security count44c associated with the channel 12 continuously increases with each PDU41t. The same is thus also true for streams of PDUs 51t transmitted bythe second station 50. The range of security count values 44c used bythe various channels 42 may vary widely. Typically, all channels 42 willuse either the first security key 44k or the second security key 44n.

Initially, the first station 40 has no established channels 42 with thesecond station 50. To establish a channel 42 with the second station 50,the first station 40 first extracts a start value 46s from anon-volatile memory 46 of the first station 40, and uses this startvalue 46s to generate the HFN_(T) 43t and the HFN_(R) 43r for thechannel 42 that is to be established. The non-volatile memory 46 is usedto permanently store data for the first station 40, and may be anelectrically erasable programmable read-only memory (EEPROM), a SIMcard, or the like, so that the start value 46s is not lost when thefirst station 40 is turned off. Ideally, the bit size of the start value46s should be equal to the bit size of the hyper-frame numbers 43t and43r. In this case, the HFN_(T) 43t and the HFN_(R) 43r are simply setequal to the start value 46s. If, however, the start value 46s is x bitsin size for m-bit hyper-frame number 43t, 43r, and x is less than m,then the start value 46s is used as the x most significant bits(MSB_(x)) of the hyper-frame numbers 43t, 43r, and the remaininglow-order bits of HFN_(T) 43t and HFN_(R) 43r are simply set to zero.After generating the hyper-frame numbers 43t and 43r by way of the startvalue 46s, the first station 40 transmits the start value 46s (or,alternatively, one of HFN_(T) 43t or HFN_(R) 43r) to the second station50 so that the second station 50 may set the HFN_(R) 53r and the HFN_(T)53t of the corresponding channel 52 equal to the initial value of thehyper-frame numbers 43t and 43r. In this manner, the HFN_(T) 43t issynchronized with the corresponding HFN_(R) 53r, and the HFN_(R) 43r issynchronized with the corresponding HFN_(T) 53t. As the start value 46sis an x-bit sized number, and the HFN_(T) 43t is used as the mostsignificant bits of the security count 44c for transmitted PDUs 41t, thestart value 46s effectively holds the MSB_(x) of the n-bit securitycount 44c, where n is equal to the sum of the bit size of the HFN_(T)43t and the bit size of the sequence number 35t. This is also true forthe security count 44c for received PDUs 41r, as regards HFN_(R) 43r. Asecurity key is also assigned to the newly established channel 42, suchas the first security key 44k, which is then used by the security engine44 for ciphering and deciphering operations of the new channel 42 Manyother channels 42 may be established by the first station 40 (or inresponse to a channel 52 being established by the second station 50)after an initial channel 42 has been established. When establishing anew channel 42 when other channels 42 are already established, the firststation 40 first assigns a security key to the new channel 42. Thesecurity key will typically be the security key that is already in useby all other established channels 42, such as the first security key44k. However, due to a security mode command, the new channel 42 may beassigned a second security key, such as the new security key 44n, thatis different from that of other established channels 42. By way ofexample, it is assumed in the following that the first station 40assigns the new security key 44n to a new channel 42. The first station40 must next assign hyper-frame numbers 43r and 43t to the new channel42. To do this, the first station 40 parses all other establishedchannels 42 that also use the new security key 44n (i.e., the samesecurity key that is assigned to the new channel 42) at the time the newchannel 42 is being established, and selects the greatest security count44c from all of these channels 42. This greatest security count 44c maybe formed from either a receiving hyper-frame number HFN_(R) 43r, or atransmitting hyper-frame number HFN_(T) 43t, and is used to generate thehyper-frame numbers 43r, 43t of the new channel 42. For simplicity inthe following discussion, it is assumed that the hyper-frame numbers43r, 43t of the new channel 42 are both x bits in size, and that the xmost significant bits (MSB_(x)) of this so-called greatest securitycount 44c are copied into a temporary holding space as a first value 45.For example, if the hyper-frame numbers 43r, 43t for the new channel 42are 20 bits in size, then the MSB₂₀ of the greatest security count 44c(associated with the new security key 44n) are used as the first value45. The first value 45 is then incremented if the first value 45 is lessthan 2^(x)−1, so as to ensure that no rollover to zero (i.e., over-flow)occurs. The first value 45 is then copied into the HFN_(R) 43r and theHFN_(T) 43t of the new channel 42. Note that if no other establishedchannels 42 are using the new security key 44n (i.e., the same securitykey that is being used by the new channel 42) at the time that the newchannel 42 is being established, then the hyper-frame values 43r and 43tfor the new channel 42 are simply set to zero. That is, the first value45 is given a default value of zero, which becomes the value for thehyper-frame numbers 43r and 43t. Alternatively, as zero is sometimesused as a flag, another small value, such as one, may be used.

Note that the above is, in fact, setting the MSB_(x) of an initial valuefor the security counts 44c (one for the receiving buffer 42r, anotherfor the transmitting buffer 42t) for the new channel 42 according to theMSB_(x) of the security counts 44c of other established channel 42 thatuse the same security key 44n as is used by the new channel 42. Ineffect, a set 48 of elements 48e is parsed. Each element 48e is asecurity count 44c for either a receiving buffer 42r or a transmittingbuffer 42t of a channel 42 that uses the new security key 44n. Each andevery security count 44c that is associated with the new security key44n is represented as an element 48e in the set 48. Each channel 42 thatuses the new security key 44n thus provides two elements 48e to the set48. The MSB_(x) of the largest element 48e in this set 48 are thenextracted, incremented, and used as the MSB_(x) for the security counts44c for the receiving buffer 42r and transmitting buffer 42t of the newchannel 42, by way of the hyper-frame numbers 43r and 43t of the newchannel 42.

The present invention method is particularly important for thedetermination of the hyper-frame numbers 43r, 43t of a new channel 42that is established just after, or during, a security modereconfiguration. Initially, a plurality of channels 42 are established,each using the first security key 44k. A security mode command isperformed some time later, which culminates in a receiving activationtime 49r for each receiving buffer 42r, and a transmitting activationtime 49t for each transmitting buffer 42t. After reception of thesecurity mode command, when the sequence numbers 35r, 35t of PDUs 41r,41t exceed their respective buffer 42r, 42t activation times 49r, 49t,the respective hyper-frame number 43r, 43t is cleared to zero, and thesecond, new security key 44n is then applied to the PDUs 41r, 41t. As anexample, consider a stream of PDUs 41t in a transmitting buffer 42thaving sequence numbers 35t ranging from 18 to 35. Further assume thatthis transmitting buffer 42t has an HFN_(T) 43t of 168, and anactivation time 49t of 30. After reception of the security mode command,the PDUs 41t with sequence numbers 35t from 18 to 29 are transmittedusing the first security key 44k, and security counts 44c with mostsignificant bits (MSBs) given by the HFN_(T) value 43t of 168. PDUs 41twith sequence numbers 35t from 30 to 35, however, are transmitted usingthe second security key 44n, and security counts 44c with mostsignificant bits (MSBs) given by a new HFN_(T) value 43t of zero. Whenestablishing a new channel 42, the second, new security key 44n isassigned to this new channel 42. The first station 40 then considersevery buffer 42r, 42t that has reached or exceeded its respectiveactivation time 49r, 49t, and is thus using the new security key 44n atthe time that the new channel 42 is being established. The largestsecurity count 44c of such buffers 42r, 42t is then used in the mannerpreviously described to generate the hyper-frame numbers 43r, 43t forthe new channel 42. Again, if no such buffers 42r, 42t exist, then thehyper-frame numbers 43r, 43t for the new channel 42 are simply set to adefault value, such as zero. Note that no security count values 44c areconsidered for buffers 42r, 42t that have not reached or exceeded theirrespective activations times 49r, 49t, and which thus continue to usethe first security key 44k. Because of this, the present inventionavoids entangling hyper-frame numbers 43r, 43t that properly associatewith the first security key 44k when assigning values to hyper-framenumbers 43r, 43t that associate with the second, new security key 44n.In this manner, the lifetime of the new security key 44n is notprematurely shortened due to an initial assignment of unduly highhyper-frame numbers 43r, 43t. As before, the above description of thepresent invention method may be thought of as the parsing of a set 48that contains all security count values 44c (as elements 48e) that areassociated with the second, new key 44n at the time that the new channel42 is initiated for establishment. The MSB_(x) of the largest-valuedelement 48e in this set 48 are extracted, incremented, and used for thex-bit hyper-frame numbers 43r, 43t of the new channel 42, thus providingthe MSB_(x) for the initial values of the security counts 44c of the newchannel 42.

In contrast to the prior art, the present invention only considerssecurity count values associated with a second security key whenassigning an initial security count value to a new channel that uses thesecond security key. Security count values associated with the firstsecurity key thus do not influence the calculation of the new securitycount value for the new channel, and so do not lead to a prematurelyshortened lifetime for the second security key.

Those skilled in the art will readily observe that numerousmodifications and alterations of the device may be made while retainingthe teachings of the invention. Accordingly, the above disclosure shouldbe construed as limited only by the metes and bounds of the appendedclaims.

What is claimed is:
 1. A method for calculating an initial security count value for a new channel in a wireless communications device, the wireless communications device comprising: a first security key; a second security key; and a plurality of established channels, each established channel having a corresponding security count value and utilizing a security key, at least one of the established channels utilizing the first security key; the method comprising: assigning the second security key to the new channel; utilizing a first set to obtain a first value, the first set consisting of corresponding security count values of the established channels that utilize the second key, the first value being at least as great as the x most significant bits (MSB_(x)) of a value in the first set; and setting the MSB_(x) of the initial security count value for the new channel equal to the first value; wherein if the first set is empty, then the first value is set to a first predetermined value.
 2. The method of claim 1 wherein the first predetermined value is zero.
 3. The method of claim 2 wherein the first value is at least as great as the MSB_(x) of the greatest value in the first set.
 4. The method of claim 3 wherein the first value is greater than the MSB_(x) of the greatest value in the first set.
 5. A method for providing an initial security count value to a new channel in a wireless communications device, the method comprising: establishing at least a first channel, each first channel utilizing a first security key and having a corresponding security count value; performing a security mode reconfiguartion to change utilization of each first channel from the first security key to a second security key according to an activation time for each first channel; wherein upon utilization of the second security key, the corresponding security count value for the first channel is changed; initiating establishment of a second channel that utilizes the second security key; utilizing a first set to obtain a first value, the first set consisting of corresponding security count values of the established channels that utilize the second key, the first value being at least as great as the x most significant bits (MSB_(x)) of a value in the first set; and setting the MSB_(x) of the initial security count value for the second channel equal to the first value; wherein if the first set is empty, then the first value is set to a first predetermined value.
 6. The method of claim 5 wherein the first set includes the corresponding security count values of all first channels utilizing the second security key when initiating the establishment of the second channel.
 7. The method of claim 6 wherein the predefined value is zero.
 8. The method of claim 5 wherein the first value is at least as great as the MSB_(x) of the greatest value in the first set.
 9. The method of claim 8 wherein the first value is greater than the MSB_(x) of the greatest value in the first set.
 10. A method for calculating an initial security count value for a new channel, the method comprising: establishing a plurality of established channels in a wireless communication device, wherein each established channel in the wireless communication device has a corresponding security count value and utilizes a first security key; performing a security mode reconfiguration to change utilization of each of the established channels in the wireless communication device from the first security key to a second security key according to an activation time for each of the established channels, wherein upon utilization of the second security key by one of the established channels, the corresponding security count value for the one of the established channels is changed, wherein the second security key is a new security key that replaces the first security key and is different from the first security key; initiating establishment of a new channel in the wireless communication device; assigning the second security key to the new channel; utilizing a first set to obtain a first value, wherein the first set includes corresponding security count values of the established channels in the wireless communication device that utilize the second security key and that have reached or exceeded their activation time but excludes security count values of the established channels that utilize the first security key, and wherein the first value is at least as great as the x most significant bits (MSB_(x)) of the greatest security count value in the first set, and wherein at least one of the established channels is utilizing the first security key; and setting the MSB_(x) of the initial security count value for the new channel equal to the first value, wherein if the first set is empty, then the first value is set to a first predetermined value, wherein the first predetermined value is zero and wherein the first set includes the corresponding security count value of each established channel in the wireless communication device utilizing the second security key when initiating the establishment of the new channel in the wireless communication device.
 11. The method of claim 10, wherein the performing a security mode reconfiguration occurs in response to the security count value for one of the established channels exceeding a predetermined cross-over value. 